Okay, I've been able to get this to work: the problem is that dracut doesn't install anything from /etc/crypttab unless it's run in --host-only mode, but if it is, then it generally fails to install anything cryptography related (under an Ubuntu ZFS-on-root native encryption setup).
It's worth noting no combination of rd.auto rd.luks=1 would seem to detect the keystore partition, but adding:

```
#/etc/dracut.conf.d/00-crypttab.conf
install_items+=" /etc/crypttab "
```

to my dracut.conf file *did* get the encrypted partition to mount.

However, since dracut has no idea what it should do with that, it's possible to use an undocumented feature here to fix this explicitly in the simple config:

```
#/etc/dracut.conf.d/01-keystore-rpool-mnt.conf
fstab_lines+=" /dev/mapper/keystore-rpool /run/keystore/rpool auto "
```

(note: yes, this is a malformed line - dracut appends '0 0 2' to whatever you put here for the last element)

So the problem seems to be that zfs-dracut needs to explicitly handle the Ubuntu keystore convention, since I can't see how dracut would figure it out otherwise - i.e. detecting a keystore should trigger a decrypt operation (or better, force the relevant crypttab line to be included so tpm2-device etc. options can be used) and then the scripts need to execute the mount point.

I've tested this setup as letting you log in with a password, but it has another problem: since the ZFS scripts don't know they're waiting for their own decryption (they're doing udevsettle) then after about 15-20 seconds dracut crashes to the recovery shell from the password prompt.

--
https://bugs.launchpad.net/bugs/2070066

Title:
  dracut does not support booting from an encrypted ZFS volume

Status in dracut package in Ubuntu:
  Triaged
Status in zfs-linux package in Ubuntu:
  Confirmed

Bug description:
  Dracut does not support booting from an encrypted ZFS volume.

  Steps to reproduce:
  1. In a VM install Ubuntu 24.10 with an encrypted ZFS volume
  2. Install dracut afterwards: sudo apt install dracut zfs-dracut
  3. Add rd.shell to the boot arguments
  4. Reboot

  The boot will fail:

  ```
  dracut-pre-mount[817]: Warning: ZFS: Key /run/keystore/rpool/system.key for rpool hasn't appeared. Trying anyway.
  dracut-pre-mount[863]: Key load error: Failed to open key material file: No such file or directory
  [FAILED] Failed to mount sysroot.mount - /sysroot.
  ```

  The initrd should have asked for the password, but it did not.

  ProblemType: Bug
  DistroRelease: Ubuntu 24.10
  Package: dracut-core 102-3ubuntu2
  ProcVersionSignature: Ubuntu 6.8.0-31.31-generic 6.8.1
  Uname: Linux 6.8.0-31-generic x86_64
  NonfreeKernelModules: zfs
  ApportVersion: 2.28.1-0ubuntu4
  Architecture: amd64
  CasperMD5CheckResult: pass
  CurrentDesktop: ubuntu:GNOME
  Date: Fri Jun 21 09:35:42 2024
  InstallationDate: Installed on 2024-06-20 (1 days ago)
  InstallationMedia: Ubuntu 24.10 "Oracular Oriole" - Daily amd64 (20240617)
  ProcEnviron:
   LANG=de_DE.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=<set>
  SourcePackage: dracut
  UpgradeStatus: No upgrade log present (probably fresh install)
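
A check for the workaround described in the comment above, as an added example that is not part of the original bug report or of dracut/zfs-dracut: it inspects an unpacked initramfs tree for the keystore crypttab entry and the matching mount line. The function name, the unpack directory, and the location of `fstab_lines` output at `etc/fstab` inside the image are assumptions; the mapping name and mount point are the ones used in the comment.

```shell
#!/bin/sh
# Added example: verify that a rebuilt initramfs carries what the keystore
# unlock needs. Run it against a tree unpacked with e.g. `lsinitrd --unpack`.
# Assumption: dracut writes fstab_lines entries to etc/fstab in the image.

check_keystore_initrd() {
    root=$1                          # unpacked initramfs directory
    name=${2:-keystore-rpool}        # dm-crypt mapping name from the comment
    mnt=${3:-/run/keystore/rpool}    # path zfs-dracut waits on for system.key
    rc=0

    # crypttab must exist and hold an uncommented entry for the mapping;
    # a commented-out line has "#" (or "#name") as its first field.
    if ! awk -v n="$name" '$1 == n { found = 1 } END { exit !found }' \
            "$root/etc/crypttab" 2>/dev/null; then
        echo "missing: $name entry in etc/crypttab" >&2
        rc=1
    fi

    # fstab must mount the opened mapping at the keystore path, otherwise
    # the key file never appears and the pool key load fails.
    if ! awk -v d="/dev/mapper/$name" -v m="$mnt" \
            '$1 == d && $2 == m { found = 1 } END { exit !found }' \
            "$root/etc/fstab" 2>/dev/null; then
        echo "missing: /dev/mapper/$name on $mnt in etc/fstab" >&2
        rc=1
    fi

    return $rc
}

# Stand-alone use: ./check.sh /path/to/unpacked-initrd [mapping] [mountpoint]
if [ "$#" -gt 0 ]; then
    check_keystore_initrd "$@"
fi
```

A non-zero return with a `missing:` line on stderr means the image would reach the "Key ... hasn't appeared" failure from the bug description without ever prompting for the keystore passphrase.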